Learning, coding, exploring, living.

KeePass with Putty sessions in ssh

This blog is about launching SSH sessions through putty but from within KeePass, mostly using Windows although other Operating Systems may also work. Putty essentially organises and launches SSH sessions between computers; KeePass is a Password Safe storage system. By manipulating the form of the URLs in KeePass we can simply right click an Entry and select open URL to launch a putty session.

Launching from URL

KeePass makes manipulating the URL very easy as it has a built in versatile mechanism to launching (what it calls) it’s URLs – it can be tweaked to launch any program on your computer. For instance typing in

cmd://firefox.exe

we can launch the application Firefox by selecting Open URL. We could launch putty with a similar command:

cmd://putty.exe

but that would not launch any specific SSH link, only the putty application itself (Note: this also assumes the computer can find the application “putty.exe”, you may have to put in the full location e.g. cmd://c:/Program Files/Putty/putty.exe). To launch something more specific we can add parameters:

cmd://putty.exe -ssh myvm.example.com

Here we are specifying an ssh protocol and a computer located at myvm.example.com which Putty would attempt to connect to and open a new window. But we can go one step further as KeePass lets you pass in field values from an Entry, such as the username, in this case with {USERNAME}.

cmd://putty.exe -ssh -l {USERNAME} myvm.example.com

So now KeePass grabs the username and places it in the space defined above then passes the whole thing to putty. The “-l” above tells putty to use username as the “login”. Then putty connects and launches.

Using URL Overrides

It would get tiresome to type this in for every Entry, but luckily KeePass has a “URL Scheme Override”. We can add one in the options in KeePass. Select “Integration” and press the “URL Scheme Override”s then click Add. In the scheme box type “putty” and in the URL Override type:

cmd://putty.exe -ssh -l {USERNAME} {URL:RMVSCM}

Now we have a new “protocol” which KeePass understands. We can add this to an entry by typing in the url field:

putty://myvm.example.com

Much simpler. (For information, the {URL:RMVSCM} above uses the URL field but removes the schema part. )

You may have noticed there’s another entry in the “URL Scheme Override” list for ssh. This depends on your Operating System knowing that it must launch Putty for all ssh requests – that way should also work.

Using Putty’s sessions

That works fine but I’d actually like to use the session management included in Putty. Up until now we haven’t specified a session to putty, this means it uses the “Default Settings” session. But I have specific sessions for each computer I connect too (different settings for each). To tell putty to use a session we can use the “-load” parameter:

cmd://putty.exe -load "My Computer settings" -ssh -l {USERNAME}

I’ve removed the url from this as that is stored in the putty session. (I don’t really need “-ssh” either but I like it ;).

Now we need to store the Putty Session name somewhere in the KeePass Entry. We have a few options, we can change the URL so it has the name instead of the location:

putty://My Computer settings

and the URL Override Scheme becomes:

cmd://putty.exe -load {URL:RMVSCM} -ssh -l {USERNAME}

or the other alternative is to use the “String Fields” in the Advance tab of each entry. Click Add and give it a name e.g. “PUTTYSESSION”, then a value “My Computer settings”. Now all the URL needs is the protocol (it’ll ignore everything else when the URL is launched); the URL Override Scheme becomes:

cmd://putty.exe -load {S:PUTTYSESSION} -ssh -l {USERNAME}

I haven’t decided which way I like the best.

Opening in full screen

This next part is essentially Windows OS only. I like things to fill the screen when I open them and putty has the annoying habit of only opening in a small window. We can adjust the URL Override to fix this… but it’s a little tricky. In windows we can launch applications in full screen by using “start” – a little commandline application – like so:

start /MAX firefox.exe

However, “start” isn’t a true application and KeePass can’t find it so we need to pass this command to another application first, like so:

unfortunately this causes a window to pop up then close immediately which is really annoying… to get around this you can create a batch file, these are just text files with an extension of “.bat”. If you create one called “puttylaunch.bat” and place this in it:

start /MAX C:\MatsLocal\Programs\"SSH Putty"\putty.exe %*

you can call it in the URL Override Scheme with:

cmd://puttylaunch.bat -load {URL:RMVSCM} -ssh -l {USERNAME}

I told you it was tricky!

Passwords to putty

If you’d like putty to autologin you could add the password in like so:

cmd://putty.exe -load {URL:RMVSCM} -ssh -l {USERNAME} -pw {PASSWORD}

which works great, but the obvious security concern is the password is passed to Putty (or Batch file) in plain text which essentially anyone could read (but they’d need access to your computer). I’ll leave this up to you but note it’s very simple to clipboard the password from inside KeePass (as you’re already in it!).

UPDATE: A better alternative is to use one of the “SSH agent support” plugins. Once connected through putty any session will be automatically logged. See KeeAgent (for KeePass 2.x) or PuttyAgent (KeePass 1.x) for more details.

5 Comments

Neat! I already use KeePass to (among other things) carry around copies of my SSH private keys; it makes sense to get this set up too (although I’m going to have to look into a KeePass-integrated agent, first). Thanks.